Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure Splunk UF?

Shakeer_Spl
Explorer
‎01-16-2023 01:37 PM

Splunk UF

Hi folks,
Seeking help I am new to splunk I am trying to configure splunk UF, I have two vm's both vm's installed windows 10 however both vm's are communicating with each other in one VM I installed Splunk enterprise and in another VM installed Splunk UF.. Assuming splunk enterprise VM is receiver and splunk UF VM is forwarder so I assigned splunk UF VM IP into splunk enterprise VM as a forwader with port 9997 ex: xx.xx.xxx:9997
Still not receiving any logs from UF vm I would like to know that procedure I am doing is it correct
Would be appreciate your kind support
Thanks in advance..

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Shakeer_Spl
Explorer
‎01-18-2023 01:19 PM

Thanks,

issue fixed there was problem with port 9997 reconfigured working fine.

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎01-16-2023 03:39 PM

In Splunk Enterprise, go to Settings->Forwarding and Receiving and enable receiving on port 9997.  No IP address assignments are necessary.

In the UF, configure the Splunk Enterprise address with the command

./splunk add forward-server <<ip address>>:9997

 or edit /opt/splunk/etc/system/local/outputs.conf 

[tcpout:group1]
server=<<ip address>>:9997

and restart the UF.

See https://docs.splunk.com/Documentation/Forwarder/9.0.3/Forwarder/Configuretheuniversalforwarder for more information about configuring the UF.

---
If this reply helps you, Karma would be appreciated.
Tags (1)
0 Karma
Reply
Solved! Jump to solution
Solution

Shakeer_Spl
Explorer
‎01-18-2023 01:19 PM

Thanks,

issue fixed there was problem with port 9997 reconfigured working fine.

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...